Does Paid Access Protect Uploaded Files?

I suspect the answer to my question is no, and if so, I'd love to hear suggestions on how to get around that drawback.

To further explain, I have pages on my site that require paid access. On those pages will be links to PDF files that are available for downloading. I had planned to upload the files right on the page using the upload tool (or in the File Manager). I tested both out and apparently if you have the URL for the uploaded file, you can access the file without paying, even without being a member of my community. I also assume the files will be indexed by Google and may appear in search results. This is not good.

So, is there a way to secure uploaded files from within Ning (i.e. set file privacy so only paid members, or even just members, can access it if they go directly to the download link)?

Tags: paid access, uploading files

Views: 180

Reply to This

Replies to This Discussion

Permalink Reply by Eric Suesz on December 12, 2011 at 10:17am

Hey, Alyssa. I thought that these URLs shouldn't be accessible unless you are a paying member, but let's double check this. Can you share the URL of that page? Were you signed out of your network when you tried to access that page with Paid Access turned on for that page? 

Permalink Reply by Alyssa Gregory on December 12, 2011 at 10:33am

Hi Eric. Thanks for your response. The problem isn't the page; it's the uploaded files, linked on the page.

For example: The page is here. It prompts the user to pay for access, as expected. But on that page, I have a link to a PDF. It's that file I want to secure and make sure it's not accessible by members (or non-members) who are not paying. This is the URL to that PDF file.

Permalink Reply by Alyssa Gregory on December 12, 2011 at 11:17am

Yes, John, that is my point. Enjoy the newsletter, BTW! :)

Permalink Reply by Eric Suesz on December 15, 2011 at 1:36pm

Hey, Alyssa. I'm finally back. (BTW, your newsletter looks great.) 

I've been digging into the details on this. My apologies if I didn't have a definitive answer right away, but I wanted to check with our product folks and others here who work on this feature. I did some testing, looked into the history of this feature, and compared that with the work we're doing right now to improve the Paid Access feature. 

So, first things first: I was incorrect about this detail. It does not include a specific authentication of a member at the time of download, so this URL that links to this file, while quite hidden behind a string of random-ish letters and numbers, could potentially be shared with a non-paying member. We do check for members who try to access that page, but we don't check for specific types of downloads or put up an additional wall, so to speak. I would think that in practice you would probably see very (very) few instances of this type of sharing, but it is possible. 

Second, we did consider this type of protection for Paid Access, but we weren't able to include it in the first version of the feature. We may still add this type of protection and have worked up plans for it, but it's not available right now. It wouldn't take a ton of extra work, but it's not trivial, either. It simply needs to be prioritized. One of the difficulties around this is knowing how many people are using Paid Access specifically to sell content like this. Your raising this issue as one of those people who are trying to use Paid Access in this way makes a difference, so thank you for bringing it up. It's already raised the visibility of this feature enhancement request. 

It may not be worth much, but I wanted to at least raise the point that many Internet services work in this same manner (including paid services like Flickr, I believe). But, I can absolutely see how you would want to keep what you consider valuable under lock and key. I do know that there are PDF to Flash converters that some organizations use in situations like this. To be honest, as a consumer and reader, those aren't wonderful solutions to me. 

In summary, I don't have a great answer to this for you, but I have taken your conversation as an opportunity to try and bump up this feature enhancement in our list of priorities. And, if I have more updates or can think of an easy workaround, I will try to share those. Of course, we are open to hearing your feedback, so feel free to let me know what you think. Whether this is a complete deal killer for you or merely an annoyance that you wish were more comprehensive, we'd like to hear your opinion.

Permalink Reply by Eric Suesz on December 12, 2011 at 11:25am

Thanks, Alyssa! I will check this out and get back to you. 

Permalink Reply by Alyssa Gregory on December 16, 2011 at 12:11am

Thanks for your detailed response, Eric. Having uploaded files secured and available only to paying members is definitely a key feature of Paid Access for my business. In fact, I can't imagine I would ever use Paid Access in a way that didn't involve providing some kind of download on the protected page.

I'm not as concerned about paying members copying the URLs and distributing the paid access files, but I am concerned that my uploads could be indexed by Google, and people who aren't even members of my community could essentially grab the content I will be charging for. Not a good thing! If you have a suggested workaround for this part of the issue, I'd love to hear it.

So, to answer your question, yes, not having secured uploads may be a deal breaker for me. I'm sure I could find an alternate way to secure the downloads once people get to the paid page (password protection, third-party hosting), but that feels awfully cumbersome, especially as a startup with limited funds and limited time. And, of course, I want the experience to be as smooth and agreeable for my members as possible.

I hope this gets moved up on the list of priorities for development. I have a handful of premium pages/content I'm getting ready to roll out in early 2012!

Thanks again, Eric.

Permalink Reply by Nu Flav Media on April 2, 2012 at 4:58am
I also plan on using some of my PDF files for paid viewing, I hope Ning will include file upload to paid access.
For now I Alyssa, I've recently decided to embed my PDF files using embedit.in a free online website the allows you
to embedit.in your PDF to any blog or webpage. Best of all you can set it to only be viewed a place you embed it at.

RSS

Latest Activity

Rowald replied to Monica Diaz's discussion 'How are you using member categories in Ning 3.0?'
"Hi Monica, I am aware of this but thanks for your help. All this (Country) information is already…"
2 hours ago
caro commented on kid k's group 'Ning French Networks'
"voila mon histoire et j'en pleure je prend meme des medoc kil me laisse la matrce tel kel de…"
2 hours ago
caro commented on kid k's group 'Ning French Networks'
"kikou robert on pas t'etat d'ame ning j'ai 8 ans de ning2 mon site est plein de…"
2 hours ago
caro commented on kid k's group 'Ning French Networks'
"mdr c pas gagner hein il est bidon ning3 je le haiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii je garde…"
2 hours ago
Thiago Santos de Moraes replied to Elshara Silverheart's discussion 'More Feature Requests'
"Thanks, Kos. I would like to understand the reason for this, it seems that the Ning wants to…"
3 hours ago
Troy Marquis replied to Andrew Sanderson's discussion 'Video chat for ning network'
"skysa"
4 hours ago
Ambroise favorited Eric Suesz's page Ning 3.0 Roadmap
6 hours ago
Ambroise commented on kid k's group 'Ning French Networks'
"Dans le menu, il y a marqué Ning 3.0 lol"
6 hours ago

Cultivating Community

Community Spotlight: Carnegie Hall Musical Exchange, A Community for Young Musicians

How to Make Social Work for Your Community: Ted Rheingold at ForumCon 2013

Discovery is Powered by the Community You Keep: Glimpse Conference 2013

Dealing with Trolls: 4 Snippits

Ideas to Prevent the Summer Community Doldrums

© 2013   Created by Ning.

Badges  |  Report an Issue  |  Terms of Service